20 FANTASTIC HACKING TOOLS
Before beginning your penetration test and security auditing, remember that the best tool of all the tools available is your own mind. Kali Linux is a suite of tools built to help gather information and exploit weaknesses, but the logical decision making and analysis is yours. Outside of the technical aspects of attacking, being calm and organized will help you more than anything.
“A complete and adequate penetration test involves penetration testers conducting illegal activities on systems external or internal to an organization’s network. Organizations must understand that penetration testers performing the tests in most cases are breaking the law.”
Tools for Phase One
Information Gathering and Analysis
Kali Linux has a wonderful set of tools for gathering data on your target. The end goal of phase one is to have a logical map of the target’s network, both of people and of machines. Any information discovered now may be key to a pivot later on, so thoroughness is your ally. Most tools in this stage are very quiet, so if time is not a critical factor in your attack, this is the best time to move slowly and dig deep. The more you sweat now, the less you’ll bleed later.
- DNSenum
- Dmitry - The Network Rangefinder
- Nmap
- Maltego
- Social Engineering Toolkit
Tools for Phase Two
Vulnerability Detection and Enumeration
- Nessus
- OpenVAS
Tools for Phase Three
Penetration Attempts
At this phase, penetration testers will take the logical maps of the environment, and the list of exploitable vulnerabilities gathered in phases one and two. In a team of attackers, this is the perfect time for a brief pause and gathering of the troops. Up until this point most of the tools used were relatively quiet and noninvasive, and while Kali Linux is generally a very quiet set of tools, the pattern of attacks from here on out is necessarily noisier, and a lot more rides on the quality of the defense. If the attacking team is properly prepared, choosing which attack vector to hit is the next key step.
WiFi Attacking
- Aircrack-ng
Web Application Attacking
- Burp Suite
- Hydra
- OWASP
Password Attacking
- John The Ripper
- Pass the Hash Toolkit
Tools for Phase Four
Exploitation
This is the real meat of any penetration test. All the above tools are used to gain information and access to a system. Some offensively minded security professionals find the early stages of a penetration test to be tedious and dry. I believe the first three phases are not unlike playing a game of chess, where phase four is the final execution of your intricate plans just before a checkmate. Exploitation is the proof of all the work you’ve done in mapping the system and opening the doors. Even more so than before, you must be careful not to permanently damage any systems you are testing. Make note and document that they could have been damaged, and when the time comes to present your findings, be clear and honest about the state of security.
- Metasploit Framework
- The Browser Exploitation Framework (BeEF)
- Armitage
- Yersinia
- Durandal’s Backdoor (DBD)
- Exploit Database (EDB)
Phase Five
Reporting
- RecordMyDesktop
